Schannel event logging for TLS versions

I need to spot check TLS connections that are coming into our DC from clients. This is a best effort exercise. I know how to turn on the schannel logging and that it requires a reboot. But, can the logging levels be changed between 0 and 7 without having to reboot once the key is created?

In my recent experience, you do have to reboot the box after making changes to the key to get the additional logging levels.

My advice is to go directly to 7 and take the bounce during a maintenance window and it should get you what you need. We tried the lower values but it wasn’t until combining all of the logging levels that it became truly useful for troubleshooting.

The additional schannel logging is good to have in addition to packet capture data.

For example, my recent case was figuring out cipher config issues on some workstations that had a botched deployment and were missing some required ciphers. Packet captures gave us some hints but schannel logging helped narrow down the exact issues.
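For reference, a sketch of the spot check discussed in this thread, added here as an example and not posted by any participant. It decodes the 0 to 7 EventLogging bitmask, optionally sets it to 7, and tallies inbound handshakes by protocol and cipher suite. The registry path is the standard Schannel key; event ID 36880 and the data field names `Type`, `Protocol` and `CipherSuite` are assumptions about the handshake-completed event on recent Windows Server builds, so confirm them against one event on your own DC.

```powershell
# Added example, not from the thread. Run in an elevated session on the server being checked.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# EventLogging is a bitmask, which is why 7 means "all levels combined".
$bits = @(
    @{ Bit = 1; Name = 'errors' },
    @{ Bit = 2; Name = 'warnings' },
    @{ Bit = 4; Name = 'informational and success' }
)
function Get-SchannelLoggingLevels([int]$Value) {
    $names = $bits | Where-Object { $Value -band $_.Bit } | ForEach-Object { $_.Name }
    if ($names) { $names -join ', ' } else { 'none' }
}

# Report the current setting (a missing value reads as 0).
$current = [int](Get-ItemProperty -Path $key -Name EventLogging -ErrorAction SilentlyContinue).EventLogging
"EventLogging = $current ($(Get-SchannelLoggingLevels $current))"

# Set to $true to turn on all levels; plan the reboot discussed above separately.
$enableAll = $false
if ($enableAll -and $current -ne 7) {
    Set-ItemProperty -Path $key -Name EventLogging -Value 7 -Type DWord
    "EventLogging set to 7 ($(Get-SchannelLoggingLevels 7))"
}

# Tally completed handshakes. Event ID and field names are assumptions (see lead-in).
$filter = @{ LogName = 'System'; ProviderName = 'Schannel'; Id = 36880 }
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 2000 -ErrorAction SilentlyContinue

$events | ForEach-Object {
    # Flatten the named EventData fields of this event into a hashtable.
    $data = @{}
    ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
    [pscustomobject]@{
        Time        = $_.TimeCreated
        Type        = $data['Type']          # 'server' = connection accepted by this host
        Protocol    = $data['Protocol']
        CipherSuite = $data['CipherSuite']
    }
} | Where-Object Type -eq 'server' |
    Group-Object Protocol, CipherSuite |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

An empty tally means either no informational events have been logged yet or the field names differ on your build; inspect one raw event with `Get-WinEvent ... | Select-Object -First 1 | ForEach-Object ToXml` before relying on the output.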
